A Flaw In Slack, The Group Messaging App That's Going Viral In Silicon Valley, Exposes The Names Of Chat Rooms To Anybody
When using the Slack client for Mac, Sai discovered that you can visit Slack.com, enter a fake email address with any real company domain (like Apple.com, Google.com, etc.), and you can see all of the internal Slack teams associated with that company.
You can't enter the Slack rooms, but you can see the names of the rooms. As Sam Biddle at Valleywag points out:
Sure, you can't actually join the teams, or see what channels exist within them, or read a single letter that's been exchanged. But I now know there's a Slack team at Google called "Tribe Wearables"-does that mean they acquired this company? Even if this isn't sensitive information, it's still information-and that's not what people are paying Slack to do.
In some cases, performing this maneuver lets you see what these companies are working on. Check it out:
And The New York Times:
And The Wall Street Journal:
And last but certainly not least, Slack:
You can try this with basically any company you can think of - Slack is particularly hot among Silicon Valley startups.
We've reached out to Slack for comment, and the company said it would get back to us shortly.
- The Cybertruck's lack of door handles confused its first buyers — leading Elon Musk to show them how to open the truck
- Adani Group to invest USD 75 bn to scale up AGEL's RE portfolio to 45 GW: Gautam Adani
- OnlyFans star Riley Reid plans to 'immortalize' herself using AI. Here's how her team built her new chatbot.
- One of Two and a half men Charlie Sheen back on TV, as himself
- As road & rail projects gather steam, cap good companies set for a decadal growth opportunity
- Network18 group to merge TV, digital news businesses
- Electric eels can change the genetic composition of other organisms by shocking them!
- Exploring vibrant flavors: 10 healthy salad options in India